Software testers often seem to feel intimidated by security testing. It seems too technical, there’s so much to learn, and where the hell do you start? How do I even know if something is a vulnerability? How do I incorporate all this into my testing? Penetration testers are viewed as the technical elite with their hacker mindsets and cool tools, and laissez-faire attitude to digital boundaries. But our two professions have so much more in common than you might think, we are two sides of the same coin. We can learn from each other, and software testers already have many of the skills which apply to security, it need not be left only to the hackers.
This talk will bring together Jay, a pen tester, and Claire, a software tester, to talk about the things which unite us, both human and technical, the common challenges we both face (will we be automated out of our jobs?), and the language which brings us together yet also causes no end of problems. We’ll show how testers need not fear security, challenge the perception of pen testers, and how testers can apply their existing skills to start to think about security while working in their teams, and champion security in the companies they work in.